Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(Token): take over scope in token refresh with login by cookie #46640

Merged
merged 1 commit into from
Jul 22, 2024
Merged

fix(Token): take over scope in token refresh with login by cookie #46640

merged 1 commit into from
Jul 22, 2024

Conversation

blizzz
Copy link
Member

@blizzz blizzz commented Jul 19, 2024
edited
Loading

Summary

When logging via cookie, the token was refreshed, but while doing so, the scope was not kept. It was applied from the old token, but not saved in session. This could be typically reproduced per:

  1. Having SAML configured
  2. In any Google browser, log in via SAML
  3. Close the browser
  4. Open the browser again

When running this query SELECT id, scope from oc_authtoken where uid ='USERID' the scope would be empty instead of '{"password-unconfirmable":true,"filesystem":true}'. So, after a while a password confirmation dialogue would open at specific actions, where it is not possible to verify it.

Checklist

@blizzz
fix(Token): take over scope in token refresh with login by cookie
99182aa 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
@blizzz blizzz added this to the Nextcloud 30 milestone Jul 19, 2024
@blizzz blizzz requested review from ChristophWurst, juliusknorr, a team, ArtificialOwl, yemkareems and sorbaugh and removed request for a team July 19, 2024 13:59
@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable29

@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable28

@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable27

@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable26

@juliusknorr juliusknorr merged commit 800dffe into master Jul 22, 2024
166 checks passed
@juliusknorr juliusknorr deleted the fix/noid/google-scope branch July 22, 2024 06:49
This was referenced Jul 22, 2024
Merged
Merged
Merged
Merged
@blizzz blizzz mentioned this pull request Jul 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@juliusknorr juliusknorr juliusknorr approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl was automatically assigned from nextcloud/server-backend

@yemkareems yemkareems Awaiting requested review from yemkareems yemkareems was automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh was automatically assigned from nextcloud/server-backend

Assignees
No one assigned
Labels
3. to review Waiting for reviews bug feature: authentication
Projects
None yet
Milestone
Nextcloud 30
Development

Successfully merging this pull request may close these issues.
3 participants
@blizzz @ChristophWurst @juliusknorr